6. Security Considerations -- Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example.
Under no circumstances are RFC-compliant UUIDs of any version as secure as a properly-generated 128-bit (or more) key. Even version 4 and 5 UUIDs necessarily have non-random bits.
Furthermore, although the RFC makes a half-hearted attempt to nudge you in that direction, there is no assurance that any of the bits of a UUID are generated in a cryptographically secure manner. If you're using a UUID library that chooses its random numbers poorly, your results may be utterly non-random.
See http://www.ietf.org/rfc/rfc4122.txt -->
6. Security Considerations -- Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example.